PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Windows Update not working and a few other oddities with the PC

Do you have a virus problem? Post your FRST or RSIT log here.

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

#1 Post by pan Hankey »

Hello, on 14 March I downloaded a game (and a walkthrough) via Steam, and since then Windows Update has not worked, Task Manager closes by itself after a moment, and I could not even finish these logs for several hours (FRST kept closing just like Task Manager). Thank you in advance for checking the log.
------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by Tom78 (administrator) on STROJ (ASUS All Series) (15-03-2021 01:33:00)
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\Tom78\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <6>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-11-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-02-12] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [286064 2021-01-25] (IDSA Production signing key 2021 -> Intel)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [383488 2021-03-01] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3DF736-C9D1-4654-B280-3167B18976A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0F394143-FC6F-49E8-96D8-62BEAF881724} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {16165489-B047-4F32-AE2F-0B8FC3EE4266} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F8B60BB-D329-4FE4-81D1-EC6438C6722D} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-02-26] (Overwolf Ltd -> Overwolf LTD)
Task: {3F605241-775B-400C-855C-C8B7737F3BE9} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {66355CC9-FD99-4455-BB09-A5E02A72AA7B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6888B1FA-5929-4C01-B3AA-497958DD444D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71F283E7-596E-479C-AF65-5E5219C62AFE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {75FBC15C-4707-4ABA-ACE3-8AE813DD3C67} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76EE904A-80AF-40E4-AEE3-F7CEB017918F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {78043D10-D210-4D1A-B1FD-3C72DC2BD463} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {8AC4B7AD-124E-47CE-ADB3-22A29DF7CF57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91D7D07A-E098-4258-BFBC-8EF00DBF034A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A391F36A-B967-4608-9F8B-83E903096B96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7128F6C-5084-4C23-9B18-2152FEC5098D} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {B1148C29-B59F-4B31-B6B7-3ABC1FA45664} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {BC45CEEE-E183-43DB-B517-12CFD746AFBA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CB849B93-CF86-4F07-8AD9-4A67A23DAC26} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe (Access Denied) <==== ATTENTION
Task: {D5623898-B15F-4517-A160-91A697C8EEB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD822769-7A61-4231-91ED-838BA4C24846} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E0214C33-BD0A-44AB-ADC6-284CC8E0467A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.73.101.1 185.73.108.1
Tcpip\..\Interfaces\{18e5d354-c0de-4224-a18f-5896fdf53c09}: [DhcpNameServer] 185.73.101.1 185.73.108.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-15]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Adblock Complete) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbobegkkdmmcnmoplkgdmfhdlkjfelnb [2021-01-17]
Edge Extension: (Word) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20]
Edge Extension: (Excel) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20]

FireFox:
========
FF DefaultProfile: 3tpdidnb.default
FF ProfilePath: C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\3tpdidnb.default [2020-09-07]
FF ProfilePath: C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\x0rbafew.default-release [2021-03-15]
FF Session Restore: Mozilla\Firefox\Profiles\x0rbafew.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\x0rbafew.default-release -> hxxps://www.facebook.com; hxxps://www.instagram.com
FF Extension: (uBlock Origin) - C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\x0rbafew.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-03-12]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-11-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; F:\HRY\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-10-01] (GOG Sp. z o.o. -> GOG.com)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-02-26] (Overwolf Ltd -> Overwolf LTD)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2020-11-23] (Even Balance, Inc. -> )
S3 Rockstar Service; F:\HRY\GTA\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
S2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2016-12-02] (Disc Soft Ltd -> Disc Soft Ltd)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2020-12-14] (Malwarebytes Corporation -> Malwarebytes)
S3 Ser2pl; C:\WINDOWS\System32\drivers\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 -> Prolific Technology Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-15 01:33 - 2021-03-15 01:34 - 000015957 _____ C:\Users\Tom78\Desktop\FRST.txt
2021-03-14 23:49 - 2021-03-15 01:33 - 000000000 ____D C:\FRST
2021-03-14 23:47 - 2021-03-14 23:47 - 002300928 _____ (Farbar) C:\Users\Tom78\Desktop\FRST64.exe
2021-03-14 22:45 - 2021-03-14 22:45 - 083099648 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-03-14 22:36 - 2021-03-14 22:44 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-03-14 21:09 - 2020-02-27 07:54 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2034
2021-03-14 21:09 - 2019-09-26 09:57 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2035
2021-03-14 18:34 - 2021-03-14 19:48 - 1229937801 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2035 - (Audiokniha).rar
2021-03-14 18:29 - 2021-03-14 22:46 - 000000000 ____D C:\WINDOWS\F1VPIJD6
2021-03-14 17:53 - 2021-03-14 17:53 - 000570983 _____ C:\Users\Tom78\Downloads\Metro 2033 V05.01.2019 Trainer +6.rar
2021-03-14 17:43 - 2021-03-14 17:43 - 000010546 _____ C:\Users\Tom78\Downloads\Metro 2033 v20170305 Trainer-LIRW.rar
2021-03-14 17:29 - 2021-03-14 17:29 - 000000000 ____D C:\Users\Tom78\Documents\4A Games
2021-03-14 17:29 - 2021-03-14 17:29 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\NVIDIA
2021-03-14 17:17 - 2011-02-06 12:07 - 000367538 _____ C:\Users\Tom78\Downloads\Metro 2033 - návod.pdf
2021-03-14 17:12 - 2021-03-14 17:13 - 000000000 ____D C:\Users\Tom78\Downloads\Metro 2033
2021-03-14 17:04 - 2021-03-14 17:05 - 262449168 _____ ( ) C:\Users\Tom78\Downloads\WinCheater2_complete_setup.exe
2021-03-14 16:54 - 2021-03-14 17:28 - 584979970 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2034 - (Audiokniha).rar
2021-03-14 16:20 - 2019-09-11 18:05 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2033 - (Audiokniha)
2021-03-14 15:08 - 2021-03-14 16:19 - 956928289 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2033 - (Audiokniha).rar
2021-03-14 14:59 - 2021-03-14 14:59 - 000000221 _____ C:\Users\Tom78\Desktop\Metro 2033.url
2021-03-13 05:48 - 2021-03-13 05:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-10 17:02 - 2021-03-11 01:49 - 000000000 ____D C:\Users\Tom78\Downloads\After Life
2021-03-09 15:56 - 2021-03-09 15:56 - 073200891 _____ C:\Users\Tom78\Downloads\Valhaim - Advanced Building Tips and Tricks.mp4
2021-03-09 15:44 - 2021-03-09 15:45 - 072284616 _____ C:\Users\Tom78\Downloads\Valheim - Large Dock House.mp4
2021-03-09 15:33 - 2021-03-09 15:35 - 218698318 _____ C:\Users\Tom78\Downloads\Valheim - Viking House - Log Cabin.mp4
2021-03-09 14:55 - 2021-03-09 14:55 - 000001345 _____ C:\Users\Tom78\Desktop\IronGate – zástupce.lnk
2021-03-06 02:58 - 2021-03-06 02:58 - 000000000 ____D C:\Users\Tom78\Downloads\366 dní za katrem
2021-03-03 16:58 - 2021-03-03 16:58 - 000000000 ____D C:\Users\Tom78\Downloads\nefunguje
2021-03-01 15:11 - 2021-03-01 15:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-01 15:11 - 2021-03-01 15:11 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-01 15:11 - 2021-03-01 15:11 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-01 15:11 - 2021-03-01 15:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-01 15:11 - 2021-03-01 15:11 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-01 15:11 - 2021-03-01 15:11 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-01 15:11 - 2021-03-01 15:11 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-01 15:10 - 2021-03-01 15:10 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-01 15:10 - 2021-03-01 15:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-01 15:10 - 2021-03-01 15:10 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-01 15:10 - 2021-03-01 15:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-01 15:10 - 2021-03-01 15:10 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-01 15:10 - 2021-03-01 15:10 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-01 15:09 - 2021-03-01 15:09 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-01 15:09 - 2021-03-01 15:09 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-01 15:09 - 2021-03-01 15:09 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-01 15:08 - 2021-03-01 15:08 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-01 15:08 - 2021-03-01 15:08 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-01 15:07 - 2021-03-01 15:07 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-01 15:07 - 2021-03-01 15:07 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-01 15:07 - 2021-03-01 15:07 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-01 15:07 - 2021-03-01 15:07 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-02-27 13:56 - 2021-02-27 14:57 - 1078939948 _____ C:\Users\Tom78\Downloads\Lovci pokladů 2 - Kniha tajemství (2007).mp4
2021-02-27 03:22 - 2021-02-27 05:29 - 2298569469 _____ C:\Users\Tom78\Downloads\Lovci Pokladú (National Treasure 2004).mkv
2021-02-26 00:57 - 2021-02-28 17:41 - 000001066 _____ C:\Users\Tom78\Desktop\Valheim – zástupce.lnk
2021-02-26 00:52 - 2021-02-26 00:52 - 000000222 _____ C:\Users\Tom78\Desktop\Valheim.url
2021-02-20 04:09 - 2021-02-20 04:09 - 073541681 _____ C:\Users\Tom78\Downloads\Valheim Complete Guide All Bosses Locations All Materials.mp4
2021-02-19 04:22 - 2021-02-19 04:42 - 000000723 _____ C:\Users\Tom78\Documents\ClownfishVoiceChanger.ini
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishSoundTemp
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishCustomVocoders
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishCustomSounds
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\Clownfish_VST_cfg
2021-02-18 16:15 - 2021-02-18 16:16 - 053014036 _____ C:\Users\Tom78\Downloads\VALHEIM - CREATIVE MODE.mp4
2021-02-17 15:17 - 2021-03-13 16:11 - 000000000 ____D C:\Users\Tom78\Downloads\valheim - MODS
2021-02-17 14:42 - 2021-02-17 14:42 - 000825556 _____ C:\Users\Tom78\Downloads\t115800.pdf
2021-02-16 03:01 - 2021-02-16 03:03 - 235317697 _____ C:\Users\Tom78\Downloads\Valheim - Longhouse.mp4
2021-02-15 00:07 - 2021-02-15 00:07 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\IronGate

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-15 01:10 - 2020-09-10 14:01 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 01:10 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 01:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-15 01:10 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-15 01:09 - 2020-10-06 21:33 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\discord
2021-03-15 01:09 - 2020-09-07 01:31 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-15 01:09 - 2018-09-10 14:27 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\Mozilla
2021-03-15 01:08 - 2020-10-09 02:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-15 00:42 - 2020-09-07 02:31 - 000000000 ____D C:\Program Files (x86)\Steam
2021-03-15 00:40 - 2020-09-21 18:03 - 000001036 _____ C:\Users\Tom78\Desktop\Steam.lnk
2021-03-14 23:49 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-14 22:50 - 2021-02-12 16:41 - 000002231 _____ C:\Users\Tom78\Desktop\Discord.lnk
2021-03-14 22:50 - 2020-10-09 02:36 - 001693200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-14 22:50 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-14 22:50 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-14 22:48 - 2020-09-07 00:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-03-14 22:46 - 2020-12-07 21:59 - 000000000 ____D C:\Users\Tom78\Documents\Assassin's Creed Unity
2021-03-14 22:46 - 2020-10-09 02:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-14 22:35 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-14 22:04 - 2020-12-14 21:22 - 000250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2021-03-14 22:04 - 2020-12-14 21:22 - 000043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-03-14 22:03 - 2020-09-07 00:56 - 000000000 ____D C:\Users\Tom78\AppData\Local\Packages
2021-03-14 17:31 - 2021-02-05 01:31 - 000000000 ____D C:\Users\Tom78\AppData\Local\4A Games
2021-03-13 13:16 - 2020-09-07 01:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-13 13:16 - 2020-09-07 01:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-13 05:48 - 2020-09-07 01:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-12 20:11 - 2020-09-07 01:35 - 000000000 ____D C:\Users\Tom78\AppData\Local\D3DSCache
2021-03-11 15:47 - 2020-09-21 18:03 - 000000871 _____ C:\Users\Tom78\Desktop\Epic Games Launcher.lnk
2021-03-10 16:04 - 2020-09-07 13:40 - 000001072 _____ C:\Users\Tom78\Desktop\utorrent – zástupce.lnk
2021-03-07 13:42 - 2020-09-07 03:21 - 000000000 ____D C:\Users\Tom78\AppData\Local\CrashDumps
2021-03-07 13:20 - 2020-09-15 15:50 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2021-03-06 11:56 - 2020-09-07 00:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-04 23:09 - 2021-02-11 19:09 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-04 12:02 - 2020-10-09 02:39 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:02 - 2020-10-09 02:39 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 16:39 - 2020-09-07 02:04 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-01 15:21 - 2020-10-09 02:18 - 000267672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-01 15:19 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-01 15:19 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-01 15:19 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-01 15:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-01 15:06 - 2020-10-09 02:22 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-01 14:53 - 2020-09-10 14:06 - 000000000 ___HD C:\$WinREAgent
2021-03-01 14:50 - 2020-09-07 12:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-01 14:48 - 2020-09-07 12:50 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-15 21:13 - 2021-01-17 11:16 - 000000929 _____ C:\Users\Tom78\Desktop\Grand Theft Auto V.lnk
2021-02-15 19:09 - 2020-09-07 15:24 - 000000000 ____D C:\Users\Tom78\AppData\Local\FLiNGTrainer
2021-02-15 00:31 - 2021-02-11 19:51 - 000001162 _____ C:\Users\Tom78\Desktop\SKlauncher 3-beta.17.2.lnk
2021-02-14 18:28 - 2021-01-17 01:01 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\.minecraft
2021-02-13 15:19 - 2020-09-24 21:05 - 000000000 ____D C:\Users\Tom78\AppData\Local\ElevatedDiagnostics
2021-02-13 05:37 - 2021-01-16 20:06 - 000000780 _____ C:\Users\Tom78\Desktop\Rockstar Games Launcher.lnk

==================== Files in the root of some directories ========

2021-02-09 16:53 - 2021-02-09 22:19 - 000007598 _____ () C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg
2020-11-01 02:51 - 2020-11-01 02:51 - 000014116 _____ () C:\Users\Tom78\AppData\Local\Tempbannercash.tmp
2020-11-01 02:51 - 2020-11-01 02:51 - 000038121 _____ () C:\Users\Tom78\AppData\Local\Tempnewscash.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

----------------------------------------------------------------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by Tom78 (15-03-2021 01:36:41)
Running from C:\Users\Tom78\Desktop
Windows 10 Home Version 2004 19041.804 (X64) (2020-10-09 01:40:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4101578857-3757837661-3053645589-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4101578857-3757837661-3053645589-503 - Limited - Disabled)
Guest (S-1-5-21-4101578857-3757837661-3053645589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4101578857-3757837661-3053645589-1002 - Limited - Enabled)
Tom78 (S-1-5-21-4101578857-3757837661-3053645589-1000 - Administrator - Enabled) => C:\Users\Tom78
WDAGUtilityAccount (S-1-5-21-4101578857-3757837661-3053645589-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Anno 1701 - History Edition (HKLM-x32\...\Uplay Install 16238) (Version: - Ubisoft)
Assassin's Creed II (HKLM-x32\...\Uplay Install 4) (Version: - Ubisoft)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
Cities: Skylines - ČEŠTINA (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Cities: Skylines - ČEŠTINA) (Version: - )
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CurseForge (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.4 - Overwolf app)
Discord (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
Intel Driver && Support Assistant (HKLM-x32\...\{F0E9774D-C5A1-4C83-89F9-191E1334D476}) (Version: 21.1.5.2 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{3f5ceda7-9b48-4fa4-af57-8feaf8ab1e46}) (Version: 21.1.5.2 - Intel)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes verze 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Metal Gear Solid V (HKLM-x32\...\Metal Gear Solid V_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox 86.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 86.0.1 (x64 cs)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0.1 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.166.1.16 - Overwolf Ltd.)
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Satisfactory v. 0.3.5.4 - Build 125236 (HKLM-x32\...\Satisfactory_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Tropico 6 (HKLM-x32\...\Tropico 6_is1) (Version: - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 113.0 - Ubisoft)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Word (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2016-12-14] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2021-03-14 22:46 - 2021-03-14 22:46 - 000028160 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 1540 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-07 01:01 - 2020-09-07 00:59 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 185.73.101.1 - 185.73.108.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81A2ACAC-7BFE-46A3-825E-6FC5AA6EF19D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2196E4A3-85CA-4387-BEBE-757EC088079D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BE2704A8-C7E4-4DFE-9FB3-8D91DC878C56}] => (Block) F:\HRY\Northgard\Northgard.exe () [File not signed]
FirewallRules: [{D12490D1-4F96-4DF4-B4CB-DC7C40106699}] => (Block) F:\HRY\Northgard\Northgard.exe () [File not signed]
FirewallRules: [{476B83AD-8C3A-4C62-91C4-CC41C2937520}] => (Block) F:\HRY\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx-ALI213\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx\Northgard.exe => No File
FirewallRules: [{E1A34569-0EF6-4F5D-82C3-50DB27C0E39D}] => (Block) F:\HRY\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx-ALI213\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx\Northgard.exe => No File
FirewallRules: [{D8F26C7F-8823-4672-AD76-B948647EB169}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{804856F3-D84E-4DC8-A8A2-B1156A47F497}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{D95781B6-BE6B-4B11-AF5F-8E0159407139}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{23224F4D-E512-4592-ADE7-CF2D06AD0F6F}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{28BC51D1-A0A4-4DA8-A9C4-4361C7B372A9}] => (Block) F:\HRY\Weed Shop 2\WS2.exe () [File not signed]
FirewallRules: [{247E041C-E089-4822-B078-028E84CB6D5E}] => (Block) F:\HRY\Weed Shop 2\WS2.exe () [File not signed]
FirewallRules: [{0BDD524E-8893-486F-8789-C6F679F526B0}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{075EDB48-C2AA-4B52-A7EA-34F619042E2A}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvmgo.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{53D8C44F-4254-4DE5-87DD-826A19A6CA05}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{3A68B81F-CEBB-4A37-AD6A-F272BCD60EE4}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvmgo.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{E31F4230-8177-42E4-A8AC-D5A7E6F88938}] => (Block) F:\HRY\Tropico 6\Tropico6.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A165DFBD-002F-4A8C-A181-777252CF0ED1}] => (Block) F:\HRY\Tropico 6\Launcher\KalypsoLauncher.exe (Realmforge Studios GmbH -> Realmforge Studios GmbH)
FirewallRules: [{9227C3D6-09F2-4755-A6A1-23AC85DFD5C4}] => (Block) F:\HRY\Tropico 6\Launcher\KalypsoLauncher.exe (Realmforge Studios GmbH -> Realmforge Studios GmbH)
FirewallRules: [{DE1C228A-D44E-4524-B9E7-6C1C78BCE758}] => (Block) F:\HRY\Tropico 6\Tropico6.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C310FDF9-B21F-447C-9EF2-36B3AECE1211}] => (Allow) H:\Save M3\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{CA8D4E48-4560-48D5-BE31-A27ED845D1A4}] => (Allow) H:\Save M3\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{AB3D07D1-F343-4745-8BBF-78334B41EA32}] => (Allow) F:\HRY\steamapps\common\Mafia II Definitive Edition\pc\Mafia2Launcher\Launcher.exe (2K Games) [File not signed]
FirewallRules: [{DC28A0FF-8FE0-4D12-A008-1796778B67A4}] => (Allow) F:\HRY\steamapps\common\Mafia II Definitive Edition\pc\Mafia2Launcher\Launcher.exe (2K Games) [File not signed]
FirewallRules: [{86E0D448-6185-4A51-90DB-9430ED1B4329}] => (Allow) F:\HRY\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{7C982DB4-6B44-4F2A-A635-C871809AA911}] => (Allow) F:\HRY\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [UDP Query User{D4661799-D23E-4533-83A6-C2C6A7545F9B}F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [TCP Query User{0DA87577-EE79-4040-A5E9-EBB10F2799A8}F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [{03094065-5F70-4628-8F76-DFA6031A5541}] => (Block) F:\HRY\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1BF8BDA1-08E5-45CD-847A-43885924B748}] => (Block) F:\HRY\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{D1B1E0D4-BF67-4836-B63A-5180CA8406A7}H:\save m3\utorrent\utorrent.exe] => (Allow) H:\save m3\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{00007AB2-B682-4F9C-ACBE-24F2321E234C}H:\save m3\utorrent\utorrent.exe] => (Allow) H:\save m3\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{399A67D6-461F-4138-92C0-6B2FAEBE8EA7}] => (Allow) F:\HRY\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{72475320-D114-4E4A-8640-AD3179F3940C}] => (Allow) F:\HRY\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{48678FC3-EB76-4E52-BBF6-6893A8786D04}] => (Allow) F:\HRY\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{09D65E45-2058-4F15-B4F6-BDE18F58A549}] => (Allow) F:\HRY\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{543019BC-5BAF-44E7-901E-3DE648A6A7BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1CB6EFC2-C0BE-4CEE-94DF-427BD3BF2A2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{B64001DA-3453-44D4-93DF-4362D7EA1B03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8B65BDC9-A573-44FF-A639-36AF612E36AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D61AE92A-B187-45F8-A15D-9E607E8A2DBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6740B168-A83F-456C-AE30-EE1BA5E0571E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1C618533-F4BF-48F3-8261-D6B9E4BB5B1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A2846A9-9D31-4173-A32B-EBDEDD7D11B5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{232FD1BF-0726-4D91-A468-A7FBCC7E81BE}] => (Allow) F:\HRY\steamapps\common\Drive 4 Survive\Drive 4 Survive.exe () [File not signed]
FirewallRules: [{C77105B1-AFE8-4068-8AF1-1D51F7572E23}] => (Allow) F:\HRY\steamapps\common\Drive 4 Survive\Drive 4 Survive.exe () [File not signed]
FirewallRules: [{1585A176-532B-482B-A5C7-948BAED4A994}] => (Allow) F:\HRY\steamapps\common\The Wild Age\thewildage.exe () [File not signed]
FirewallRules: [{6BDAFE8F-8492-41DE-8C1D-DD891C1B953D}] => (Allow) F:\HRY\steamapps\common\The Wild Age\thewildage.exe () [File not signed]
FirewallRules: [{57589494-E832-4BE3-9586-6926A73E6414}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{4CFA18B1-D57A-444C-91A7-F8AE8291B635}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{3F621C9A-5699-412A-8147-04EA6FA36E8C}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{EEDD052D-B510-4B73-B68E-73FA7FA76E62}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{49E93D7D-A96D-41BA-B966-C3D0579C5F8B}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{CFC8BBBF-075B-4D40-948A-23EDFF21C96A}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{8AE43CF5-BC4F-40AA-AE08-6EF395011248}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{F095B4BA-A46C-4091-BA28-3C7C2D5CCFE6}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{C1E3C1E3-DB8E-48F6-BD46-958ED58F1902}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{16664395-1F90-4CBC-B7E6-7CDC6414A4FB}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{16B68D2B-CA03-4DE2-9F6D-CBD0E6829173}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{06560D53-284E-4B1B-B618-E3A7E2A9A6CF}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{E3AFE094-9278-439B-A9C0-8D888C8817D1}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5653E566-A605-458C-BEAE-60B461825440}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{FD4FC209-F226-4B45-85D6-DC866AD32EA3}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Wildlands\GRW_Upp.exe (Blue Byte GmbH -> )
FirewallRules: [TCP Query User{C4486029-B581-46AE-A011-BE46619B24BF}F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [UDP Query User{C7615364-DFAE-459E-9BFA-5010544D5A19}F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [{33AE8F15-A7F2-4F2D-BED2-A6793B20C354}] => (Allow) F:\HRY\AC\AssassinsCreedSyndicate\ACS.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{9268913E-638E-456E-823C-6AEF0FF44E62}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{1B7EAF54-8DFB-4645-804F-EE080EEA92F8}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{0C8E9339-497A-4768-A566-5940C704E01F}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{6AF39E45-A1A8-496E-933C-203FD5C8A4C2}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{12BC0965-85A3-49B7-A9CF-3DDD0BCE9574}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2C5B84B2-0683-4983-9039-245E872B27DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{18B7258B-E1B4-457B-96EE-2CDBEF46EE6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{21D4805B-A2EF-4926-BACA-CD740C6890F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{9CD2C7C9-C374-42C2-827A-09F149DB8748}] => (Allow) F:\HRY\AC\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )
FirewallRules: [{AA9C0709-1826-4FBC-B159-0C99AF310FA4}] => (Allow) F:\HRY\AC\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )
FirewallRules: [{DA361D88-1441-4A4B-94BA-7F01C9BF32D8}] => (Allow) F:\HRY\AC\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{AC9BB320-4C27-412C-B22D-B012678492A5}] => (Allow) F:\HRY\AC\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{76A8ECB2-BE29-4CC5-AB02-A5182FBC1FA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{256A94D7-C591-4C10-8CCF-B5CF408662FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{34ACA844-8D83-4636-9EA8-E20A9C059FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F2FDAD18-DE42-448E-A126-9E8A859406E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E2D2C2D2-1579-4492-8887-9FE5045F5841}] => (Allow) F:\HRY\steamapps\common\Gothic\system\GOTHIC.EXE (Piranha Bytes Software GmbH) [File not signed]
FirewallRules: [{E2CC0DAE-95E2-4DEC-89F7-07BEF48CB561}] => (Allow) F:\HRY\steamapps\common\Gothic\system\GOTHIC.EXE (Piranha Bytes Software GmbH) [File not signed]
FirewallRules: [TCP Query User{D1D9CB97-50C5-44A8-A912-BE99DA76E6C7}F:\hry\anno 1701 - history edition\anno1701.exe] => (Allow) F:\hry\anno 1701 - history edition\anno1701.exe (Ubisoft Blue Byte GmbH -> )
FirewallRules: [UDP Query User{72AC45D4-87FB-44E5-B473-57D15002CBCE}F:\hry\anno 1701 - history edition\anno1701.exe] => (Allow) F:\hry\anno 1701 - history edition\anno1701.exe (Ubisoft Blue Byte GmbH -> )
FirewallRules: [{597978D7-903B-453B-A2F0-D0E06FFD37F6}] => (Block) F:\HRY\AGFY-Subnautica.v63668\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{040A3722-59F1-4F58-96F0-84493929E287}] => (Block) F:\HRY\AGFY-Subnautica.v63668\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{4ABF2E53-FE63-4D38-BA7D-B316016C0CCA}] => (Allow) F:\HRY\GTA\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{42E26A28-78FD-49DA-9B98-5DBDFA071D51}] => (Allow) F:\HRY\GTA\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{6D0AE0EA-E08D-41A0-BBD7-6DF455859902}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1160C730-A299-422E-AAD7-0234A0B7C981}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{06E99787-49AC-43C7-81F0-552A235B91C3}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{693EC341-C955-4B29-B116-C892245D7CA6}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{2DF03929-7091-4388-897D-D9A469C795E4}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6E3E4396-7CF9-4A29-8371-A062F8401D2C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{BE010B2A-646A-4C7A-B7E7-E03F83225662}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{483676FB-2AEC-4BD4-9662-3EF5C368DB14}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [TCP Query User{D95A6182-87BC-49BE-9558-01C9BEE6564F}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [UDP Query User{609A53B6-74A3-43E3-A9D7-95E48BF9AA75}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{2525EA99-A778-47E2-B884-39131F0AFF49}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{5E56AEE9-0CCB-4645-8390-B4C8B1252E58}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{5F5B010F-09CF-4D27-AB4A-D2D77FE6E99C}] => (Allow) F:\HRY\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{3A6D9E9A-2C29-45E7-94AD-C63640679542}] => (Allow) F:\HRY\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{2B05871E-1659-42BB-BBEF-0A98E7D11050}] => (Allow) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1FC57F1C-BDF6-4E01-A3AF-76324ADBD12E}] => (Allow) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{CED66BE0-3A8F-4FC4-B541-578C35823620}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{00463ADC-A205-412A-BAE0-1E5CBEAFE106}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5482777F-0D86-4C98-97D3-3DF354A43694}] => (Allow) F:\HRY\steamapps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)
FirewallRules: [{291164F6-F016-4EE2-920B-8B51EDCA3E24}] => (Allow) F:\HRY\steamapps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:126.95 GB) (Free:41.89 GB) (33%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/14/2021 10:50:33 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/14/2021 10:13:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/14/2021 10:11:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Sběr dat čítače výkonu od služby BITS byl vypnut z důvodu jedné nebo více chyb generovaných knihovnou čítače výkonu pro tuto službu. Chyby, které vyvolaly tuto akci, byly zapsány do protokolu událostí aplikace. Opravte tyto chyby před novým zapnutím čítačů výkonu pro tuto službu.

Error: (03/14/2021 10:11:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1009) (User: NT AUTHORITY)
Description: Procedura Open v knihovně DLL rozšiřitelných čítačů C:\Windows\System32\bitsperf.dll pro službu BITS vygenerovala výjimku 3221225477 v adrese 0x7ffe4ac1c44d. Data o výkonu pro tuto službu nebudou k dispozici.

Error: (03/14/2021 10:04:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (03/14/2021 02:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GameBar.exe verze 5.521.2012.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1f68

Čas spuštění: 01d718d3ef3e301c

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe

ID hlášení: 5ed63985-2b0f-4377-a066-5a0fbc0b84b8

Úplný název balíčku s chybou: Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Navigation

Error: (03/14/2021 02:17:58 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/13/2021 08:56:03 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na (F:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)


System errors:
=============
Error: (03/14/2021 11:13:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba PnkBstrA byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/14/2021 10:11:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/14/2021 06:29:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba StopUpdates10 Guard je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/14/2021 02:12:52 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.

Error: (03/14/2021 02:13:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (7:22:47, ‎14.‎3.‎2021) bylo neočekávané.

Error: (03/13/2021 01:16:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (5:48:48, ‎13.‎3.‎2021) bylo neočekávané.

Error: (03/13/2021 01:15:56 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.

Error: (03/12/2021 02:58:57 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 3221225684Při zpracování obnovovacích dat došlo k závažné chybě.


Windows Defender:
================
Date: 2021-03-14 21:20:17
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: Stroj\Tom78
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.333.404.0, AS: 1.333.404.0, NIS: 1.333.404.0
Verze modulu: AM: 1.1.17900.7, NIS: 1.1.17900.7

Date: 2021-03-12 16:13:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3138FE1E-E48E-4E1B-B5E8-1D150952E6D0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-12 15:10:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B1D10F24-26A6-448C-8EB6-5DD7C8CE1F1A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 16:19:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {70249C1F-F5D1-468C-A45B-8B0E8293FEA1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 14:35:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6691249D-F56B-4AFE-B9B3-A8B6407B4553}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-03-13 13:19:19
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2107 08/08/2014
Motherboard: ASUSTeK COMPUTER INC. B85-PLUS
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 46%
Total physical RAM: 8097.73 MB
Available physical RAM: 4361.13 MB
Total Virtual: 16289.73 MB
Available Virtual: 9678.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126.95 GB) (Free:41.89 GB) NTFS
Drive d: (Hry) (Fixed) (Total:226.74 GB) (Free:46.98 GB) NTFS
Drive e: () (Fixed) (Total:134.65 GB) (Free:84.18 GB) NTFS
Drive f: () (Fixed) (Total:931.41 GB) (Free:206.37 GB) NTFS
Drive h: (Záloha) (Fixed) (Total:443.16 GB) (Free:281.3 GB) NTFS
Drive i: () (RAMDisk) (Total:126.95 GB) (Free:42.5 GB) NTFS

\\?\Volume{954ccc49-a461-11e6-a407-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update is not working and a few other oddities with the PC

#2 Post by Diallix »

Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all running program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Scan Now button and wait until the system scan finishes.
After the scan, leave all checkboxes and any detected threats selected, and continue with the Clean and Repair button in the lower right corner.
After the PC restarts, AdwCleaner will start; click View Log File.
A log will open; copy its contents here.
My new book BOTNETY is out! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information on what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level and high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority at viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update is not working and a few other oddities with the PC

#3 Post by pan Hankey »

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-03-09.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-15-2021
# Duration: 00:00:09
# OS: Windows 10 Home
# Scanned: 3681
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update is not working and a few other oddities with the PC

#4 Post by pan Hankey »

I found this in Task Manager.

http://leteckaposta.cz/744547953

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update is not working and a few other oddities with the PC

#5 Post by Diallix »

Could you please upload that image here as an attachment? I can't download it.

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update is not working and a few other oddities with the PC

#6 Post by pan Hankey »

Here it is.
Attachment: stopUpdateWin10.jpg (25 KiB)

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update is not working and a few other oddities with the PC

#7 Post by Diallix »

We'll clean it up.

Copy the content below into Notepad:

CloseProcesses:
CreateRestorePoint:

C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe
C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22
C:\Windows\F1VPIJD6

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A7128F6C-5084-4C23-9B18-2152FEC5098D} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {CB849B93-CF86-4F07-8AD9-4A67A23DAC26} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe (Access Denied) <==== ATTENTION
S2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{D95781B6-BE6B-4B11-AF5F-8E0159407139}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{23224F4D-E512-4592-ADE7-CF2D06AD0F6F}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{543019BC-5BAF-44E7-901E-3DE648A6A7BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1CB6EFC2-C0BE-4CEE-94DF-427BD3BF2A2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{12BC0965-85A3-49B7-A9CF-3DDD0BCE9574}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2C5B84B2-0683-4983-9039-245E872B27DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{18B7258B-E1B4-457B-96EE-2CDBEF46EE6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{21D4805B-A2EF-4926-BACA-CD740C6890F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{6D0AE0EA-E08D-41A0-BBD7-6DF455859902}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1160C730-A299-422E-AAD7-0234A0B7C981}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D95A6182-87BC-49BE-9558-01C9BEE6564F}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [UDP Query User{609A53B6-74A3-43E3-A9D7-95E48BF9AA75}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{2525EA99-A778-47E2-B884-39131F0AFF49}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{5E56AEE9-0CCB-4645-8390-B4C8B1252E58}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File

EmptyTemp:


Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the Fix button.
The fix will run, after which the computer will reboot. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Uživatelský avatar
Diallix
Rádce
Rádce
Příspěvky: 2760
Registrován: 27 dub 2008 10:34
Kontaktovat uživatele:

Re: Windows update nefunguje a pár dalších podivností s PC

#8 Příspěvek od Diallix »

Vycistime to.

Do poznamkoveho bloku skopirujte obsah dole:

Kód: Vybrat vše

CloseProcesses:
CreateRestorePoint:

C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe
C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22
C:\Windows\F1VPIJD6

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A7128F6C-5084-4C23-9B18-2152FEC5098D} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {CB849B93-CF86-4F07-8AD9-4A67A23DAC26} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe (Access Denied) <==== ATTENTION
S2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{D95781B6-BE6B-4B11-AF5F-8E0159407139}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{23224F4D-E512-4592-ADE7-CF2D06AD0F6F}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{543019BC-5BAF-44E7-901E-3DE648A6A7BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1CB6EFC2-C0BE-4CEE-94DF-427BD3BF2A2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{12BC0965-85A3-49B7-A9CF-3DDD0BCE9574}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2C5B84B2-0683-4983-9039-245E872B27DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{18B7258B-E1B4-457B-96EE-2CDBEF46EE6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{21D4805B-A2EF-4926-BACA-CD740C6890F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{6D0AE0EA-E08D-41A0-BBD7-6DF455859902}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1160C730-A299-422E-AAD7-0234A0B7C981}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D95A6182-87BC-49BE-9558-01C9BEE6564F}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [UDP Query User{609A53B6-74A3-43E3-A9D7-95E48BF9AA75}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{2525EA99-A778-47E2-B884-39131F0AFF49}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{5E56AEE9-0CCB-4645-8390-B4C8B1252E58}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File

EmptyTemp:


Save the Notepad file under the name fixlist.txt in the location where FRST is.
Run FRST and click the button: Fix
The fix will be carried out, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, which is saved in the FRST location.

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update not working and a few other PC oddities

#9 Post by pan Hankey »

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by Tom78 (15-03-2021 17:11:56) Run:1
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe
C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22
C:\Windows\F1VPIJD6

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706680 2020-12-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Policies\Explorer: [NoSecurityTab] 1
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {A7128F6C-5084-4C23-9B18-2152FEC5098D} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {CB849B93-CF86-4F07-8AD9-4A67A23DAC26} - System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe (Access Denied) <==== ATTENTION
S2 SU10Guard; C:\Windows\F1VPIJD6\SU10Guard.exe [72776 2020-05-30] (Greatis Software LLC -> Greatis Software, LLC)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{D95781B6-BE6B-4B11-AF5F-8E0159407139}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{23224F4D-E512-4592-ADE7-CF2D06AD0F6F}] => (Allow) F:\HRY\Life is Feudal MMO\launcher.exe => No File
FirewallRules: [{543019BC-5BAF-44E7-901E-3DE648A6A7BA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{1CB6EFC2-C0BE-4CEE-94DF-427BD3BF2A2C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{12BC0965-85A3-49B7-A9CF-3DDD0BCE9574}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{2C5B84B2-0683-4983-9039-245E872B27DB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{18B7258B-E1B4-457B-96EE-2CDBEF46EE6F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{21D4805B-A2EF-4926-BACA-CD740C6890F6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [TCP Query User{6D0AE0EA-E08D-41A0-BBD7-6DF455859902}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [UDP Query User{1160C730-A299-422E-AAD7-0234A0B7C981}C:\program files\java\jre1.8.0_271\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_271\bin\javaw.exe => No File
FirewallRules: [TCP Query User{D95A6182-87BC-49BE-9558-01C9BEE6564F}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [UDP Query User{609A53B6-74A3-43E3-A9D7-95E48BF9AA75}F:\hry\valheim.v0.142.6\valheim.exe] => (Allow) F:\hry\valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{2525EA99-A778-47E2-B884-39131F0AFF49}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File
FirewallRules: [{5E56AEE9-0CCB-4645-8390-B4C8B1252E58}] => (Block) F:\HRY\Valheim.v0.142.6\valheim.exe => No File

EmptyTemp:



*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
"C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22\TG_1.4.84.69.exe" => not found
C:\WINDOWS\SysWOW64\XPSViewer\TasksG\G-1-83-22 => moved successfully
C:\Windows\F1VPIJD6 => moved successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GalaxyClient" => removed successfully
"HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSecurityTab" => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dismHost.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\EOSNOTIFY.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\InstallAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MusNotification.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MUSNOTIFICATIONUX.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\remsh.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SIHClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UpdateAssistant.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UPFC.EXE => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\UsoClient.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaaSMedic.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WaasMedicAgent.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Windows10Upgrade.exe => removed successfully
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\WINDOWS10UPGRADERAPP.EXE => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7128F6C-5084-4C23-9B18-2152FEC5098D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7128F6C-5084-4C23-9B18-2152FEC5098D}" => removed successfully
C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\USER_ESRV_SVC_QUEENCREEK" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB849B93-CF86-4F07-8AD9-4A67A23DAC26}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB849B93-CF86-4F07-8AD9-4A67A23DAC26}" => removed successfully
Could not move "C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS" => Scheduled to move on reboot.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS" => removed successfully
HKLM\System\CurrentControlSet\Services\SU10Guard => removed successfully
SU10Guard => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive7 => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\SunJavaUpdateSched" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D95781B6-BE6B-4B11-AF5F-8E0159407139}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{23224F4D-E512-4592-ADE7-CF2D06AD0F6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{543019BC-5BAF-44E7-901E-3DE648A6A7BA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1CB6EFC2-C0BE-4CEE-94DF-427BD3BF2A2C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12BC0965-85A3-49B7-A9CF-3DDD0BCE9574}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2C5B84B2-0683-4983-9039-245E872B27DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{18B7258B-E1B4-457B-96EE-2CDBEF46EE6F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21D4805B-A2EF-4926-BACA-CD740C6890F6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6D0AE0EA-E08D-41A0-BBD7-6DF455859902}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1160C730-A299-422E-AAD7-0234A0B7C981}C:\program files\java\jre1.8.0_271\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D95A6182-87BC-49BE-9558-01C9BEE6564F}F:\hry\valheim.v0.142.6\valheim.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{609A53B6-74A3-43E3-A9D7-95E48BF9AA75}F:\hry\valheim.v0.142.6\valheim.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2525EA99-A778-47E2-B884-39131F0AFF49}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5E56AEE9-0CCB-4645-8390-B4C8B1252E58}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12869632 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 172334285 B
Java, Flash, Steam htmlcache => 609806582 B
Windows/system/drivers => 62537701 B
Edge => 4096 B
Firefox => 1193081033 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 587724 B
NetworkService => 746414 B
Tom78 => 27940723 B

RecycleBin => 0 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 15-03-2021 17:17:49)

C:\WINDOWS\System32\Tasks\Microsoft\Windows\Google\GoogleUpdateTaskMachineIS => Is moved successfully

==== End of Fixlog 17:17:49 ====

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update not working and a few other PC oddities

#10 Post by Diallix »

Good.

Please post new FRST + ADDITION logs.

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update not working and a few other PC oddities

#11 Post by pan Hankey »

Unfortunately it's still the same. The logs are here.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2021
Ran by Tom78 (administrator) on STROJ (ASUS All Series) (15-03-2021 17:34:19)
Running from C:\Users\Tom78\Desktop
Loaded Profiles: Tom78
Platform: Windows 10 Home Version 2004 19041.804 (X64) Language: Čeština (Česko)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Discord Inc. -> Discord Inc.) C:\Users\Tom78\AppData\Local\Discord\app-0.0.309\Discord.exe <6>
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key 2021 -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel(R) System Usage Report -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.740_none_e752aa59261f271f\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-11-11] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [68822328 2021-02-12] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [286064 2021-01-25] (IDSA Production signing key 2021 -> Intel)
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe [383488 2021-03-01] (Microsoft Windows -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B3DF736-C9D1-4654-B280-3167B18976A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0F394143-FC6F-49E8-96D8-62BEAF881724} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {16165489-B047-4F32-AE2F-0B8FC3EE4266} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2F8B60BB-D329-4FE4-81D1-EC6438C6722D} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-02-26] (Overwolf Ltd -> Overwolf LTD)
Task: {3F605241-775B-400C-855C-C8B7737F3BE9} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {66355CC9-FD99-4455-BB09-A5E02A72AA7B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6888B1FA-5929-4C01-B3AA-497958DD444D} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3301176 2020-10-20] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {71F283E7-596E-479C-AF65-5E5219C62AFE} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [874472 2020-10-17] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {75FBC15C-4707-4ABA-ACE3-8AE813DD3C67} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {76EE904A-80AF-40E4-AEE3-F7CEB017918F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {78043D10-D210-4D1A-B1FD-3C72DC2BD463} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3098912 2020-11-05] (Intel(R) System Usage Report -> Intel Corporation)
Task: {8AC4B7AD-124E-47CE-ADB3-22A29DF7CF57} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {91D7D07A-E098-4258-BFBC-8EF00DBF034A} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1128424 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A391F36A-B967-4608-9F8B-83E903096B96} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B1148C29-B59F-4B31-B6B7-3ABC1FA45664} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694256 2021-03-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {BC45CEEE-E183-43DB-B517-12CFD746AFBA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5623898-B15F-4517-A160-91A697C8EEB8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DD822769-7A61-4231-91ED-838BA4C24846} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E0214C33-BD0A-44AB-ADC6-284CC8E0467A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-10-19] (NVIDIA Corporation -> NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 185.73.101.1 185.73.108.1
Tcpip\..\Interfaces\{18e5d354-c0de-4224-a18f-5896fdf53c09}: [DhcpNameServer] 185.73.101.1 185.73.108.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-15]
Edge Session Restore: Default -> is enabled.
Edge Extension: (Adblock Complete) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fbobegkkdmmcnmoplkgdmfhdlkjfelnb [2021-01-17]
Edge Extension: (Word) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-20]
Edge Extension: (Excel) - C:\Users\Tom78\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-20]

FireFox:
========
FF DefaultProfile: 3tpdidnb.default
FF ProfilePath: C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\3tpdidnb.default [2021-03-15]
FF ProfilePath: C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\x0rbafew.default-release [2021-03-15]
FF Session Restore: Mozilla\Firefox\Profiles\x0rbafew.default-release -> is enabled.
FF Notifications: Mozilla\Firefox\Profiles\x0rbafew.default-release -> hxxps://www.facebook.com; hxxps://www.instagram.com
FF Extension: (uBlock Origin) - C:\Users\Tom78\AppData\Roaming\Mozilla\Firefox\Profiles\x0rbafew.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-03-12]
FF Plugin: @java.com/DTPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\dtplugin\npDeployJava1.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.281.2 -> C:\Program Files\Java\jre1.8.0_281\bin\plugin2\npjp2.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936456 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [802432 2020-11-11] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [439880 2021-01-05] (Epic Games Inc. -> Epic Games, Inc.)
S3 FvSvc; C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe [287720 2020-10-19] (NVIDIA Corporation -> NVIDIA)
S3 GalaxyClientService; F:\HRY\GOG Galaxy\GalaxyClientService.exe [1728072 2020-10-01] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-10-01] (GOG Sp. z o.o. -> GOG.com)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2491736 2021-02-26] (Overwolf Ltd -> Overwolf LTD)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2020-11-23] (Even Balance, Inc. -> )
S3 Rockstar Service; F:\HRY\GTA\Launcher\RockstarService.exe [1631360 2020-12-02] (Rockstar Games, Inc. -> Rockstar Games)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15368 2015-05-13] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2016-12-02] (Disc Soft Ltd -> Disc Soft Ltd)
S3 Ser2pl; C:\WINDOWS\System32\drivers\ser2pl64.sys [227248 2017-10-30] (WDKTestCert charles-yeh,131345514351795974 -> Prolific Technology Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49544 2021-03-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [420088 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-06] (Microsoft Windows -> Microsoft Corporation)
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-15 17:11 - 2021-03-15 17:17 - 000014759 _____ C:\Users\Tom78\Desktop\Fixlog.txt
2021-03-15 14:58 - 2021-03-15 14:59 - 000000000 ____D C:\AdwCleaner
2021-03-15 14:55 - 2021-03-15 14:55 - 008463216 _____ (Malwarebytes) C:\Users\Tom78\Desktop\adwcleaner_8.1.exe
2021-03-15 01:36 - 2021-03-15 01:38 - 000044136 _____ C:\Users\Tom78\Desktop\Addition.txt
2021-03-15 01:33 - 2021-03-15 17:35 - 000014404 _____ C:\Users\Tom78\Desktop\FRST.txt
2021-03-14 23:49 - 2021-03-15 17:34 - 000000000 ____D C:\FRST
2021-03-14 23:47 - 2021-03-14 23:47 - 002300928 _____ (Farbar) C:\Users\Tom78\Desktop\FRST64.exe
2021-03-14 22:45 - 2021-03-15 17:15 - 083099648 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-03-14 22:36 - 2021-03-14 22:44 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-03-14 21:09 - 2020-02-27 07:54 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2034
2021-03-14 21:09 - 2019-09-26 09:57 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2035
2021-03-14 18:34 - 2021-03-14 19:48 - 1229937801 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2035 - (Audiokniha).rar
2021-03-14 17:53 - 2021-03-14 17:53 - 000570983 _____ C:\Users\Tom78\Downloads\Metro 2033 V05.01.2019 Trainer +6.rar
2021-03-14 17:43 - 2021-03-14 17:43 - 000010546 _____ C:\Users\Tom78\Downloads\Metro 2033 v20170305 Trainer-LIRW.rar
2021-03-14 17:29 - 2021-03-14 17:29 - 000000000 ____D C:\Users\Tom78\Documents\4A Games
2021-03-14 17:29 - 2021-03-14 17:29 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\NVIDIA
2021-03-14 17:17 - 2011-02-06 12:07 - 000367538 _____ C:\Users\Tom78\Downloads\Metro 2033 - návod.pdf
2021-03-14 17:12 - 2021-03-14 17:13 - 000000000 ____D C:\Users\Tom78\Downloads\Metro 2033
2021-03-14 17:04 - 2021-03-14 17:05 - 262449168 _____ ( ) C:\Users\Tom78\Downloads\WinCheater2_complete_setup.exe
2021-03-14 16:54 - 2021-03-14 17:28 - 584979970 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2034 - (Audiokniha).rar
2021-03-14 16:20 - 2019-09-11 18:05 - 000000000 ____D C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2033 - (Audiokniha)
2021-03-14 15:08 - 2021-03-14 16:19 - 956928289 _____ C:\Users\Tom78\Downloads\Glukhovsky, Dmitry - Metro 2033 - (Audiokniha).rar
2021-03-14 14:59 - 2021-03-14 14:59 - 000000221 _____ C:\Users\Tom78\Desktop\Metro 2033.url
2021-03-13 05:48 - 2021-03-13 05:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-03-10 17:02 - 2021-03-11 01:49 - 000000000 ____D C:\Users\Tom78\Downloads\After Life
2021-03-09 15:56 - 2021-03-09 15:56 - 073200891 _____ C:\Users\Tom78\Downloads\Valhaim - Advanced Building Tips and Tricks.mp4
2021-03-09 15:44 - 2021-03-09 15:45 - 072284616 _____ C:\Users\Tom78\Downloads\Valheim - Large Dock House.mp4
2021-03-09 15:33 - 2021-03-09 15:35 - 218698318 _____ C:\Users\Tom78\Downloads\Valheim - Viking House - Log Cabin.mp4
2021-03-09 14:55 - 2021-03-09 14:55 - 000001345 _____ C:\Users\Tom78\Desktop\IronGate – zástupce.lnk
2021-03-06 02:58 - 2021-03-06 02:58 - 000000000 ____D C:\Users\Tom78\Downloads\366 dní za katrem
2021-03-03 16:58 - 2021-03-03 16:58 - 000000000 ____D C:\Users\Tom78\Downloads\nefunguje
2021-03-01 15:11 - 2021-03-01 15:11 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-03-01 15:11 - 2021-03-01 15:11 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-03-01 15:11 - 2021-03-01 15:11 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-03-01 15:11 - 2021-03-01 15:11 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-03-01 15:11 - 2021-03-01 15:11 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-03-01 15:11 - 2021-03-01 15:11 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-03-01 15:11 - 2021-03-01 15:11 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-03-01 15:10 - 2021-03-01 15:10 - 001314112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-03-01 15:10 - 2021-03-01 15:10 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-03-01 15:10 - 2021-03-01 15:10 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-03-01 15:10 - 2021-03-01 15:10 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-03-01 15:10 - 2021-03-01 15:10 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-03-01 15:10 - 2021-03-01 15:10 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-03-01 15:10 - 2021-03-01 15:10 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-03-01 15:10 - 2021-03-01 15:10 - 000010892 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-03-01 15:09 - 2021-03-01 15:09 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-03-01 15:09 - 2021-03-01 15:09 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-03-01 15:09 - 2021-03-01 15:09 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-03-01 15:09 - 2021-03-01 15:09 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 001162240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-03-01 15:08 - 2021-03-01 15:08 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-03-01 15:08 - 2021-03-01 15:08 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-03-01 15:08 - 2021-03-01 15:08 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-03-01 15:08 - 2021-03-01 15:08 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-03-01 15:07 - 2021-03-01 15:07 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-03-01 15:07 - 2021-03-01 15:07 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-03-01 15:07 - 2021-03-01 15:07 - 000231232 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-03-01 15:07 - 2021-03-01 15:07 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-03-01 15:07 - 2021-03-01 15:07 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-02-27 13:56 - 2021-02-27 14:57 - 1078939948 _____ C:\Users\Tom78\Downloads\Lovci pokladů 2 - Kniha tajemství (2007).mp4
2021-02-27 03:22 - 2021-02-27 05:29 - 2298569469 _____ C:\Users\Tom78\Downloads\Lovci Pokladú (National Treasure 2004).mkv
2021-02-26 00:57 - 2021-02-28 17:41 - 000001066 _____ C:\Users\Tom78\Desktop\Valheim – zástupce.lnk
2021-02-26 00:52 - 2021-02-26 00:52 - 000000222 _____ C:\Users\Tom78\Desktop\Valheim.url
2021-02-20 04:09 - 2021-02-20 04:09 - 073541681 _____ C:\Users\Tom78\Downloads\Valheim Complete Guide All Bosses Locations All Materials.mp4
2021-02-19 04:22 - 2021-02-19 04:42 - 000000723 _____ C:\Users\Tom78\Documents\ClownfishVoiceChanger.ini
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishSoundTemp
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishCustomVocoders
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\ClownfishCustomSounds
2021-02-19 04:22 - 2021-02-19 04:22 - 000000000 ____D C:\Users\Tom78\Documents\Clownfish_VST_cfg
2021-02-18 16:15 - 2021-02-18 16:16 - 053014036 _____ C:\Users\Tom78\Downloads\VALHEIM - CREATIVE MODE.mp4
2021-02-17 15:17 - 2021-03-13 16:11 - 000000000 ____D C:\Users\Tom78\Downloads\valheim - MODS
2021-02-17 14:42 - 2021-02-17 14:42 - 000825556 _____ C:\Users\Tom78\Downloads\t115800.pdf
2021-02-16 03:01 - 2021-02-16 03:03 - 235317697 _____ C:\Users\Tom78\Downloads\Valheim - Longhouse.mp4
2021-02-15 00:07 - 2021-02-15 00:07 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\IronGate

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-15 17:37 - 2020-09-07 01:31 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-15 17:37 - 2018-09-10 14:27 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\Mozilla
2021-03-15 17:36 - 2020-10-06 21:33 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\discord
2021-03-15 17:21 - 2020-10-09 02:36 - 001693200 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-03-15 17:21 - 2019-12-07 15:41 - 000716602 _____ C:\WINDOWS\system32\perfh005.dat
2021-03-15 17:21 - 2019-12-07 15:41 - 000144780 _____ C:\WINDOWS\system32\perfc005.dat
2021-03-15 17:21 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-03-15 17:20 - 2021-02-12 16:41 - 000002231 _____ C:\Users\Tom78\Desktop\Discord.lnk
2021-03-15 17:19 - 2020-09-07 00:27 - 000000000 ____D C:\ProgramData\NVIDIA
2021-03-15 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-15 17:17 - 2020-12-07 21:59 - 000000000 ____D C:\Users\Tom78\Documents\Assassin's Creed Unity
2021-03-15 17:16 - 2020-10-09 02:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-15 17:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-03-15 17:14 - 2020-01-21 03:15 - 000000000 ____D C:\Users\Tom78\AppData\LocalLow\Temp
2021-03-15 14:49 - 2020-10-09 02:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-03-15 02:01 - 2020-09-07 03:21 - 000000000 ____D C:\Users\Tom78\AppData\Local\CrashDumps
2021-03-15 01:10 - 2020-09-10 14:01 - 000002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-15 01:10 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-15 01:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-03-15 00:42 - 2020-09-07 02:31 - 000000000 ____D C:\Program Files (x86)\Steam
2021-03-15 00:40 - 2020-09-21 18:03 - 000001036 _____ C:\Users\Tom78\Desktop\Steam.lnk
2021-03-14 22:03 - 2020-09-07 00:56 - 000000000 ____D C:\Users\Tom78\AppData\Local\Packages
2021-03-14 17:31 - 2021-02-05 01:31 - 000000000 ____D C:\Users\Tom78\AppData\Local\4A Games
2021-03-13 13:16 - 2020-09-07 01:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-03-13 13:16 - 2020-09-07 01:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-03-13 05:48 - 2020-09-07 01:31 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-03-12 20:11 - 2020-09-07 01:35 - 000000000 ____D C:\Users\Tom78\AppData\Local\D3DSCache
2021-03-11 15:47 - 2020-09-21 18:03 - 000000871 _____ C:\Users\Tom78\Desktop\Epic Games Launcher.lnk
2021-03-10 16:04 - 2020-09-07 13:40 - 000001072 _____ C:\Users\Tom78\Desktop\utorrent – zástupce.lnk
2021-03-07 13:20 - 2020-09-15 15:50 - 000000000 ____D C:\Program Files\Cheat Engine 7.1
2021-03-06 11:56 - 2020-09-07 00:44 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-03-04 23:09 - 2021-02-11 19:09 - 000000000 ____D C:\Program Files (x86)\Overwolf
2021-03-04 12:02 - 2020-10-09 02:39 - 000003584 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 12:02 - 2020-10-09 02:39 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 16:39 - 2020-09-07 02:04 - 000000000 ____D C:\ProgramData\Package Cache
2021-03-01 15:21 - 2020-10-09 02:18 - 000267672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-01 15:19 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-03-01 15:19 - 2019-12-07 15:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\IME
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-03-01 15:19 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-03-01 15:19 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-01 15:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-01 15:06 - 2020-10-09 02:22 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-01 14:53 - 2020-09-10 14:06 - 000000000 ___HD C:\$WinREAgent
2021-03-01 14:50 - 2020-09-07 12:50 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-03-01 14:48 - 2020-09-07 12:50 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-15 21:13 - 2021-01-17 11:16 - 000000929 _____ C:\Users\Tom78\Desktop\Grand Theft Auto V.lnk
2021-02-15 19:09 - 2020-09-07 15:24 - 000000000 ____D C:\Users\Tom78\AppData\Local\FLiNGTrainer
2021-02-15 00:31 - 2021-02-11 19:51 - 000001162 _____ C:\Users\Tom78\Desktop\SKlauncher 3-beta.17.2.lnk
2021-02-14 18:28 - 2021-01-17 01:01 - 000000000 ____D C:\Users\Tom78\AppData\Roaming\.minecraft
2021-02-13 15:19 - 2020-09-24 21:05 - 000000000 ____D C:\Users\Tom78\AppData\Local\ElevatedDiagnostics
2021-02-13 05:37 - 2021-01-16 20:06 - 000000780 _____ C:\Users\Tom78\Desktop\Rockstar Games Launcher.lnk

==================== Files in the root of some directories ========

2021-02-09 16:53 - 2021-02-09 22:19 - 000007598 _____ () C:\Users\Tom78\AppData\Local\Resmon.ResmonCfg
2020-11-01 02:51 - 2020-11-01 02:51 - 000014116 _____ () C:\Users\Tom78\AppData\Local\Tempbannercash.tmp
2020-11-01 02:51 - 2020-11-01 02:51 - 000038121 _____ () C:\Users\Tom78\AppData\Local\Tempnewscash.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
----------------------------------------------------------------------------------------------------------------------------------------------------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2021
Ran by Tom78 (15-03-2021 17:38:12)
Running from C:\Users\Tom78\Desktop
Windows 10 Home Version 2004 19041.804 (X64) (2020-10-09 01:40:02)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4101578857-3757837661-3053645589-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4101578857-3757837661-3053645589-503 - Limited - Disabled)
Guest (S-1-5-21-4101578857-3757837661-3053645589-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4101578857-3757837661-3053645589-1002 - Limited - Enabled)
Tom78 (S-1-5-21-4101578857-3757837661-3053645589-1000 - Administrator - Enabled) => C:\Users\Tom78
WDAGUtilityAccount (S-1-5-21-4101578857-3757837661-3053645589-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Anno 1701 - History Edition (HKLM-x32\...\Uplay Install 16238) (Version: - Ubisoft)
Assassin's Creed II (HKLM-x32\...\Uplay Install 4) (Version: - Ubisoft)
Assassin's Creed III (HKLM-x32\...\Uplay Install 54) (Version: - Ubisoft)
Assassin's Creed Unity (HKLM-x32\...\Uplay Install 720) (Version: - Ubisoft)
Cities: Skylines - ČEŠTINA (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Cities: Skylines - ČEŠTINA) (Version: - )
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
CurseForge (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.167.2.4 - Overwolf app)
Discord (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{0EE6DDEF-E36B-45EB-9E03-5A266EC8A8F8}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{6D70A161-C29B-441B-9AA5-2ABBAB3B4B4D}) (Version: 1.1.1.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Grand Theft Auto V (HKLM-x32\...\{5EFC6C07-6B87-43FC-9524-F9E967241741}) (Version: 1.0.2215.0 - Rockstar Games)
Cheat Engine 7.1 (HKLM\...\Cheat Engine_is1) (Version: - Cheat Engine)
Intel Driver && Support Assistant (HKLM-x32\...\{F0E9774D-C5A1-4C83-89F9-191E1334D476}) (Version: 21.1.5.2 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{848F0123-CF5D-4192-90EC-A6574D8B1796}) (Version: 2.4.06522 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{3f5ceda7-9b48-4fa4-af57-8feaf8ab1e46}) (Version: 21.1.5.2 - Intel)
IrfanView 4.54 (64-bit) (HKLM\...\IrfanView64) (Version: 4.54 - Irfan Skiljan)
Java 8 Update 281 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180281F0}) (Version: 8.0.2810.9 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Metal Gear Solid V (HKLM-x32\...\Metal Gear Solid V_is1) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.54 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{97238E8A-4919-4A1E-965A-C6C36938F4CE}) (Version: 2.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29334 (HKLM-x32\...\{a9cfe9c7-e54f-46cd-9c5c-542ff8e3e8c4}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Mozilla Firefox 86.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 86.0.1 (x64 cs)) (Version: 86.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 80.0.1 - Mozilla)
MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team)
NVIDIA FrameView SDK 1.1.4923.29214634 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29214634 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.20.5.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.5.70 - NVIDIA Corporation)
NVIDIA Ovladač HD audia 1.3.38.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.40 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 461.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 461.40 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.166.1.16 - Overwolf Ltd.)
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7910 - Realtek Semiconductor Corp.)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.33.319 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.7.5 - Rockstar Games)
Satisfactory v. 0.3.5.4 - Build 125236 (HKLM-x32\...\Satisfactory_is1) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 3: Wild Hunt - Game of the Year Edition (HKLM-x32\...\1495134320_is1) (Version: 1.32 - GOG.com)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Tropico 6 (HKLM-x32\...\Tropico 6_is1) (Version: - )
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 113.0 - Ubisoft)
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version: - Ubisoft)
WATCH_DOGS2 (HKLM-x32\...\Uplay Install 2688) (Version: - Ubisoft)
WinRAR 5.91 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
Word (HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4101578857-3757837661-3053645589-1000_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key 2021 -> Intel)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-08-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Tom78\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi --app-url=hxxps://word.office.com/

==================== Loaded Modules (Whitelisted) =============

2021-03-15 17:16 - 2021-03-15 17:16 - 000028160 _____ () [File not signed] C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2020-12-15 14:37 - 2020-12-15 14:37 - 001950208 _____ (SQLite Development Team) [File not signed] C:\Program Files\Intel\SUR\QUEENCREEK\x64\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_281\bin\ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_281\bin\jp2ssv.dll [2021-01-22] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 1540 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2020-09-07 01:01 - 2020-09-07 00:59 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-4101578857-3757837661-3053645589-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 185.73.101.1 - 185.73.108.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run32: => "Discord"
HKLM\...\StartupApproved\Run32: => "Intel Driver & Support Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{81A2ACAC-7BFE-46A3-825E-6FC5AA6EF19D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2196E4A3-85CA-4387-BEBE-757EC088079D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{BE2704A8-C7E4-4DFE-9FB3-8D91DC878C56}] => (Block) F:\HRY\Northgard\Northgard.exe () [File not signed]
FirewallRules: [{D12490D1-4F96-4DF4-B4CB-DC7C40106699}] => (Block) F:\HRY\Northgard\Northgard.exe () [File not signed]
FirewallRules: [{476B83AD-8C3A-4C62-91C4-CC41C2937520}] => (Block) F:\HRY\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx-ALI213\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx\Northgard.exe => No File
FirewallRules: [{E1A34569-0EF6-4F5D-82C3-50DB27C0E39D}] => (Block) F:\HRY\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx-ALI213\Northgard.Brundr.and.Kaelinn.Clan.of.the.Lynx\Northgard.exe => No File
FirewallRules: [{D8F26C7F-8823-4672-AD76-B948647EB169}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{804856F3-D84E-4DC8-A8A2-B1156A47F497}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{28BC51D1-A0A4-4DA8-A9C4-4361C7B372A9}] => (Block) F:\HRY\Weed Shop 2\WS2.exe () [File not signed]
FirewallRules: [{247E041C-E089-4822-B078-028E84CB6D5E}] => (Block) F:\HRY\Weed Shop 2\WS2.exe () [File not signed]
FirewallRules: [{0BDD524E-8893-486F-8789-C6F679F526B0}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{075EDB48-C2AA-4B52-A7EA-34F619042E2A}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvmgo.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{53D8C44F-4254-4DE5-87DD-826A19A6CA05}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvtpp.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{3A68B81F-CEBB-4A37-AD6A-F272BCD60EE4}] => (Block) F:\HRY\MGS5\Metal Gear Solid V - The Phantom Pain\mgsvmgo.exe (Konami Digital Entertainment) [File not signed]
FirewallRules: [{E31F4230-8177-42E4-A8AC-D5A7E6F88938}] => (Block) F:\HRY\Tropico 6\Tropico6.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{A165DFBD-002F-4A8C-A181-777252CF0ED1}] => (Block) F:\HRY\Tropico 6\Launcher\KalypsoLauncher.exe (Realmforge Studios GmbH -> Realmforge Studios GmbH)
FirewallRules: [{9227C3D6-09F2-4755-A6A1-23AC85DFD5C4}] => (Block) F:\HRY\Tropico 6\Launcher\KalypsoLauncher.exe (Realmforge Studios GmbH -> Realmforge Studios GmbH)
FirewallRules: [{DE1C228A-D44E-4524-B9E7-6C1C78BCE758}] => (Block) F:\HRY\Tropico 6\Tropico6.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{C310FDF9-B21F-447C-9EF2-36B3AECE1211}] => (Allow) H:\Save M3\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{CA8D4E48-4560-48D5-BE31-A27ED845D1A4}] => (Allow) H:\Save M3\uTorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{AB3D07D1-F343-4745-8BBF-78334B41EA32}] => (Allow) F:\HRY\steamapps\common\Mafia II Definitive Edition\pc\Mafia2Launcher\Launcher.exe (2K Games) [File not signed]
FirewallRules: [{DC28A0FF-8FE0-4D12-A008-1796778B67A4}] => (Allow) F:\HRY\steamapps\common\Mafia II Definitive Edition\pc\Mafia2Launcher\Launcher.exe (2K Games) [File not signed]
FirewallRules: [{86E0D448-6185-4A51-90DB-9430ED1B4329}] => (Allow) F:\HRY\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [{7C982DB4-6B44-4F2A-A635-C871809AA911}] => (Allow) F:\HRY\steamapps\common\Company of Heroes 2\RelicCoH2.exe (Relic Entertainment, Inc -> Relic Entertainment Inc.)
FirewallRules: [UDP Query User{D4661799-D23E-4533-83A6-C2C6A7545F9B}F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [TCP Query User{0DA87577-EE79-4040-A5E9-EBB10F2799A8}F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe] => (Block) F:\hry\satisfactory\factorygame\binaries\win64\factorygame-win64-shipping.exe (Coffee Stain Studios AB) [File not signed]
FirewallRules: [{03094065-5F70-4628-8F76-DFA6031A5541}] => (Block) F:\HRY\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{1BF8BDA1-08E5-45CD-847A-43885924B748}] => (Block) F:\HRY\Satisfactory\FactoryGame.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [UDP Query User{D1B1E0D4-BF67-4836-B63A-5180CA8406A7}H:\save m3\utorrent\utorrent.exe] => (Allow) H:\save m3\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{00007AB2-B682-4F9C-ACBE-24F2321E234C}H:\save m3\utorrent\utorrent.exe] => (Allow) H:\save m3\utorrent\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{399A67D6-461F-4138-92C0-6B2FAEBE8EA7}] => (Allow) F:\HRY\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{72475320-D114-4E4A-8640-AD3179F3940C}] => (Allow) F:\HRY\steamapps\common\Hobo Tough Life\HoboRPG.exe () [File not signed]
FirewallRules: [{48678FC3-EB76-4E52-BBF6-6893A8786D04}] => (Allow) F:\HRY\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{09D65E45-2058-4F15-B4F6-BDE18F58A549}] => (Allow) F:\HRY\steamapps\common\Mashinky\Mashinky.exe () [File not signed]
FirewallRules: [{B64001DA-3453-44D4-93DF-4362D7EA1B03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8B65BDC9-A573-44FF-A639-36AF612E36AB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{D61AE92A-B187-45F8-A15D-9E607E8A2DBB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6740B168-A83F-456C-AE30-EE1BA5E0571E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1C618533-F4BF-48F3-8261-D6B9E4BB5B1F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6A2846A9-9D31-4173-A32B-EBDEDD7D11B5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{232FD1BF-0726-4D91-A468-A7FBCC7E81BE}] => (Allow) F:\HRY\steamapps\common\Drive 4 Survive\Drive 4 Survive.exe () [File not signed]
FirewallRules: [{C77105B1-AFE8-4068-8AF1-1D51F7572E23}] => (Allow) F:\HRY\steamapps\common\Drive 4 Survive\Drive 4 Survive.exe () [File not signed]
FirewallRules: [{1585A176-532B-482B-A5C7-948BAED4A994}] => (Allow) F:\HRY\steamapps\common\The Wild Age\thewildage.exe () [File not signed]
FirewallRules: [{6BDAFE8F-8492-41DE-8C1D-DD891C1B953D}] => (Allow) F:\HRY\steamapps\common\The Wild Age\thewildage.exe () [File not signed]
FirewallRules: [{57589494-E832-4BE3-9586-6926A73E6414}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{4CFA18B1-D57A-444C-91A7-F8AE8291B635}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Watch_Dogs\bin\Watch_Dogs.exe (Ubisoft Entertainment -> Ubisoft Entertainment)
FirewallRules: [{3F621C9A-5699-412A-8147-04EA6FA36E8C}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{EEDD052D-B510-4B73-B68E-73FA7FA76E62}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{49E93D7D-A96D-41BA-B966-C3D0579C5F8B}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{CFC8BBBF-075B-4D40-948A-23EDFF21C96A}] => (Allow) F:\HRY\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{8AE43CF5-BC4F-40AA-AE08-6EF395011248}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{F095B4BA-A46C-4091-BA28-3C7C2D5CCFE6}] => (Allow) F:\HRY\steamapps\common\Farming Simulator 19\x64\FarmingSimulator2019Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{C1E3C1E3-DB8E-48F6-BD46-958ED58F1902}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{16664395-1F90-4CBC-B7E6-7CDC6414A4FB}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{16B68D2B-CA03-4DE2-9F6D-CBD0E6829173}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{06560D53-284E-4B1B-B618-E3A7E2A9A6CF}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\bin_plus\WatchDogs2.exe (Blue Byte GmbH -> Ubisoft Entertainment)
FirewallRules: [{E3AFE094-9278-439B-A9C0-8D888C8817D1}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{5653E566-A605-458C-BEAE-60B461825440}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\WATCH_DOGS2\EAC.exe (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
FirewallRules: [{FD4FC209-F226-4B45-85D6-DC866AD32EA3}] => (Allow) F:\HRY\Ubisoft Game Launcher\games\Tom Clancy's Ghost Recon Wildlands\GRW_Upp.exe (Blue Byte GmbH -> )
FirewallRules: [TCP Query User{C4486029-B581-46AE-A011-BE46619B24BF}F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [UDP Query User{C7615364-DFAE-459E-9BFA-5010544D5A19}F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe] => (Allow) F:\hry\ubisoft game launcher\games\tom clancy's ghost recon wildlands\grw.exe (Blue Byte GmbH -> )
FirewallRules: [{33AE8F15-A7F2-4F2D-BED2-A6793B20C354}] => (Allow) F:\HRY\AC\AssassinsCreedSyndicate\ACS.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{9268913E-638E-456E-823C-6AEF0FF44E62}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{1B7EAF54-8DFB-4645-804F-EE080EEA92F8}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3SP.exe (Ubisoft Entertainment -> )
FirewallRules: [{0C8E9339-497A-4768-A566-5940C704E01F}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{6AF39E45-A1A8-496E-933C-203FD5C8A4C2}] => (Allow) F:\HRY\AC\Assassin's Creed III\AC3MP.exe (Ubisoft Entertainment SA -> )
FirewallRules: [{9CD2C7C9-C374-42C2-827A-09F149DB8748}] => (Allow) F:\HRY\AC\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )
FirewallRules: [{AA9C0709-1826-4FBC-B159-0C99AF310FA4}] => (Allow) F:\HRY\AC\Assassin's Creed II\AssassinsCreedIIGame.exe (Ubisoft Entertainment -> )
FirewallRules: [{DA361D88-1441-4A4B-94BA-7F01C9BF32D8}] => (Allow) F:\HRY\AC\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{AC9BB320-4C27-412C-B22D-B012678492A5}] => (Allow) F:\HRY\AC\Assassin's Creed Unity\ACU.exe (UBISOFT ENTERTAINMENT INC. -> )
FirewallRules: [{76A8ECB2-BE29-4CC5-AB02-A5182FBC1FA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{256A94D7-C591-4C10-8CCF-B5CF408662FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{34ACA844-8D83-4636-9EA8-E20A9C059FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F2FDAD18-DE42-448E-A126-9E8A859406E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E2D2C2D2-1579-4492-8887-9FE5045F5841}] => (Allow) F:\HRY\steamapps\common\Gothic\system\GOTHIC.EXE (Piranha Bytes Software GmbH) [File not signed]
FirewallRules: [{E2CC0DAE-95E2-4DEC-89F7-07BEF48CB561}] => (Allow) F:\HRY\steamapps\common\Gothic\system\GOTHIC.EXE (Piranha Bytes Software GmbH) [File not signed]
FirewallRules: [TCP Query User{D1D9CB97-50C5-44A8-A912-BE99DA76E6C7}F:\hry\anno 1701 - history edition\anno1701.exe] => (Allow) F:\hry\anno 1701 - history edition\anno1701.exe (Ubisoft Blue Byte GmbH -> )
FirewallRules: [UDP Query User{72AC45D4-87FB-44E5-B473-57D15002CBCE}F:\hry\anno 1701 - history edition\anno1701.exe] => (Allow) F:\hry\anno 1701 - history edition\anno1701.exe (Ubisoft Blue Byte GmbH -> )
FirewallRules: [{597978D7-903B-453B-A2F0-D0E06FFD37F6}] => (Block) F:\HRY\AGFY-Subnautica.v63668\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{040A3722-59F1-4F58-96F0-84493929E287}] => (Block) F:\HRY\AGFY-Subnautica.v63668\Subnautica\Subnautica.exe () [File not signed]
FirewallRules: [{4ABF2E53-FE63-4D38-BA7D-B316016C0CCA}] => (Allow) F:\HRY\GTA\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [{42E26A28-78FD-49DA-9B98-5DBDFA071D51}] => (Allow) F:\HRY\GTA\Grand Theft Auto V\GTA5.exe (Rockstar Games, Inc. -> Rockstar Games)
FirewallRules: [TCP Query User{06E99787-49AC-43C7-81F0-552A235B91C3}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [UDP Query User{693EC341-C955-4B29-B116-C892245D7CA6}C:\program files\java\jre1.8.0_281\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_281\bin\javaw.exe
FirewallRules: [{2DF03929-7091-4388-897D-D9A469C795E4}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{6E3E4396-7CF9-4A29-8371-A062F8401D2C}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{BE010B2A-646A-4C7A-B7E7-E03F83225662}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{483676FB-2AEC-4BD4-9662-3EF5C368DB14}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel(R) System Usage Report -> )
FirewallRules: [{5F5B010F-09CF-4D27-AB4A-D2D77FE6E99C}] => (Allow) F:\HRY\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{3A6D9E9A-2C29-45E7-94AD-C63640679542}] => (Allow) F:\HRY\steamapps\common\Valheim\valheim.exe () [File not signed]
FirewallRules: [{2B05871E-1659-42BB-BBEF-0A98E7D11050}] => (Allow) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{1FC57F1C-BDF6-4E01-A3AF-76324ADBD12E}] => (Allow) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{CED66BE0-3A8F-4FC4-B541-578C35823620}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{00463ADC-A205-412A-BAE0-1E5CBEAFE106}] => (Block) C:\Program Files (x86)\Overwolf\0.166.1.16\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{5482777F-0D86-4C98-97D3-3DF354A43694}] => (Allow) F:\HRY\steamapps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)
FirewallRules: [{291164F6-F016-4EE2-920B-8B51EDCA3E24}] => (Allow) F:\HRY\steamapps\common\Metro 2033\metro2033.exe (THQ, Inc. -> 4A Games)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:126.95 GB) (Free:42.68 GB) (34%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/15/2021 01:58:06 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/15/2021 02:00:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: mbamtray.exe, verze: 3.0.0.865, časové razítko: 0x584ee77c
Název chybujícího modulu: mbamtray.exe, verze: 3.0.0.865, časové razítko: 0x584ee77c
Kód výjimky: 0xc0000005
Posun chyby: 0x00053ec5
ID chybujícího procesu: 0x1dfc
Čas spuštění chybující aplikace: 0x01d719369d922652
Cesta k chybující aplikaci: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Cesta k chybujícímu modulu: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
ID zprávy: a2d8bfbe-43cf-4a35-896e-a4f91277bf4b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2021 10:50:33 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/14/2021 10:13:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: Stroj)
Description: Nelze otevřít objekt výkonu služby serveru. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (03/14/2021 10:11:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1017) (User: NT AUTHORITY)
Description: Sběr dat čítače výkonu od služby BITS byl vypnut z důvodu jedné nebo více chyb generovaných knihovnou čítače výkonu pro tuto službu. Chyby, které vyvolaly tuto akci, byly zapsány do protokolu událostí aplikace. Opravte tyto chyby před novým zapnutím čítačů výkonu pro tuto službu.

Error: (03/14/2021 10:11:18 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1009) (User: NT AUTHORITY)
Description: Procedura Open v knihovně DLL rozšiřitelných čítačů C:\Windows\System32\bitsperf.dll pro službu BITS vygenerovala výjimku 3221225477 v adrese 0x7ffe4ac1c44d. Data o výkonu pro tuto službu nebudou k dispozici.

Error: (03/14/2021 10:04:52 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Centru zabezpečení se nepodařilo ověřit volajícího s chybou %1.

Error: (03/14/2021 02:24:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program GameBar.exe verze 5.521.2012.0 přestal spolupracovat s Windows a byl ukončen. Pokud chcete zjistit, jestli je k dispozici více informací o tomto problému, vyhledejte historii problému na ovládacím panelu Zabezpečení a údržba.

ID procesu: 1f68

Čas spuštění: 01d718d3ef3e301c

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe\GameBar.exe

ID hlášení: 5ed63985-2b0f-4377-a066-5a0fbc0b84b8

Úplný název balíčku s chybou: Microsoft.XboxGamingOverlay_5.521.2012.0_x64__8wekyb3d8bbwe

ID aplikace relativní podle balíčku s chybou: App

Typ zablokování: Navigation


System errors:
=============
Error: (03/15/2021 05:15:12 PM) (Source: DCOM) (EventID: 10010) (User: Stroj)
Description: Server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Energy Server Service queencreek byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) Driver & Support Assistant Updater byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba StopUpdates10 Guard byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/15/2021 05:11:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA LocalSystem Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.


Windows Defender:
================
Date: 2021-03-14 21:20:17
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: VirTool:Win32/DefenderTamperingRestore
Závažnost: Vážné
Kategorie: Nástroj
Cesta: regkeyvalue:_hklm\software\policies\microsoft\windows defender\\DisableAntiSpyware
Původ detekce: Neznámý
Typ detekce: Konkrétní
Zdroj detekce: Uživatel
Uživatel: Stroj\Tom78
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.333.404.0, AS: 1.333.404.0, NIS: 1.333.404.0
Verze modulu: AM: 1.1.17900.7, NIS: 1.1.17900.7

Date: 2021-03-12 16:13:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {3138FE1E-E48E-4E1B-B5E8-1D150952E6D0}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-12 15:10:53
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {B1D10F24-26A6-448C-8EB6-5DD7C8CE1F1A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 16:19:20
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {70249C1F-F5D1-468C-A45B-8B0E8293FEA1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-11 14:35:18
Description:
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6691249D-F56B-4AFE-B9B3-A8B6407B4553}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===============
Date: 2021-03-13 13:19:19
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 2107 08/08/2014
Motherboard: ASUSTeK COMPUTER INC. B85-PLUS
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.73 MB
Available physical RAM: 4697.94 MB
Total Virtual: 16289.73 MB
Available Virtual: 11117.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:126.95 GB) (Free:42.68 GB) NTFS
Drive d: (Hry) (Fixed) (Total:226.74 GB) (Free:46.98 GB) NTFS
Drive e: () (Fixed) (Total:134.65 GB) (Free:84.18 GB) NTFS
Drive f: () (Fixed) (Total:931.41 GB) (Free:206.37 GB) NTFS
Drive h: (Záloha) (Fixed) (Total:443.16 GB) (Free:281.3 GB) NTFS

\\?\Volume{954ccc49-a461-11e6-a407-806e6f6e6963}\ () (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==================== End of Addition.txt =======================

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update not working and a few other oddities with the PC

#12 Post by Diallix »

Use this tool: https://forum.viry.cz/viewtopic.php?f=24&t=155685
Run it and paste the log here.

Upload the files below to virustotal.com one at a time and copy their scan results (URLs) here:
C:\Windows\SysWow64\drivers\AsIO.sys
C:\WINDOWS\System32\drivers\BthA2dp.sys
C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
My new book BOTNETY has been published! Information about it can be found here: >> BOTNETY <<
---
We are looking for new recruits for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
Low-level, high-level programmer - profile card here: card <<
----
Háveťárna - malware UPLOAD: >> upload <<
---
If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz.
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (c++, c#, php) for students.

On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update not working and a few other oddities with the PC

#13 Post by pan Hankey »

.
.
----------- Inline Hook Scanner --------[3.9]---
Written by Diallix (C)
www.diallix.net
------------------------------------------------
.
.
...[Time/Date]: 18:17/15.2 2021
...[Running as Admin.]: Yes
.
.
=== Running Executable objects and their loaded modules ===


C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.746_none_11afeb8d2fff49aa\COMCTL32.DLL
C:\WINDOWS\SYSTEM32\asio.dll
C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll

C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\SYSTEM32\VCRUNTIME140_CLR0400.dll
C:\WINDOWS\SYSTEM32\ucrtbase_clr0400.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\218db16dceaef380c6daf35c6a48f313\mscorlib.ni.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\258d4259dd4377d917679ad4b058966e\System.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\WINDOWS\SYSTEM32\Wldp.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\040fa6ee0be6d987f3e8edf9010ce68a\System.Xml.ni.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\44e36f78b5e2f34aba2d7b5667796954\System.Core.ni.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8e54272dd2ed41ee65c2f42f2bbe4cf6\System.Runtime.Serialization.ni.dll
C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Net.Http\b5cb08672fe4301680721d205842a47e\System.Net.Http.ni.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\02c0e0f2ac437bb15273bcf97e53b7e3\System.Configuration.ni.dll
C:\WINDOWS\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
C:\WINDOWS\SYSTEM32\httpapi.dll
C:\Windows\System32\Windows.StateRepositoryPS.dll
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSACoreInterop.dll
C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
C:\WINDOWS\SYSTEM32\MSVCP140.dll
C:\WINDOWS\System32\drvstore.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\51ecb493c064588421091f5bc0dd79cd\System.Management.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\wminet_utils.dll
C:\WINDOWS\SYSTEM32\amsi.dll
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\X86\MpOav.dll
C:\Program Files (x86)\Intel\Driver and Support Assistant\DSASsdInterop.dll
C:\Program Files (x86)\Intel\Driver and Support Assistant\irmfuu_module.dll
C:\WINDOWS\SYSTEM32\NtlmShared.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\bb1284e8ef44ecb294171d8e507c8d64\System.Xaml.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll

C:\WINDOWS\SysWOW64\PnkBstrA.exe
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\System32\Wldp.dll

C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\WINDOWS\SYSTEM32\AcLayers.DLL
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\SYSTEM32\UMPDC.dll
C:\WINDOWS\SYSTEM32\Wldp.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvUtil.node
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvBackendAPINode.node
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackendAPI32.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvABHubAPI.node
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameStreamAPINode.node
C:\WINDOWS\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.789_none_429ddec08a8f10c1\gdiplus.dll
C:\Program Files (x86)\NVIDIA Corporation\NvAb\NvAbHubClient\NvPluginAbHubClient32.dll
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGameShare.dll
C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
C:\WINDOWS\SYSTEM32\MSVCP140.dll
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\MessageBus.dll
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libcrypto-1_1.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\NvGfeServiceBridge.dll
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryBridge32.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
C:\WINDOWS\SYSTEM32\inputhost.dll
C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
C:\WINDOWS\SYSTEM32\CoreMessaging.dll
C:\WINDOWS\SYSTEM32\dxcore.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvShadowPlayAPINode.node
C:\WINDOWS\SYSTEM32\XINPUT9_1_0.dll
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\nvspapi.dll
C:\Program Files (x86)\NVIDIA Corporation\ShadowPlay\IpcCommon.dll
\\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

C:\Users\Tom78\Desktop\inlinehookscanner.exe
C:\WINDOWS\System32\win32u.dll
C:\WINDOWS\System32\gdi32full.dll
C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.19041.488_none_89e6152f0b32762e\COMCTL32.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\WINDOWS\SYSTEM32\ucrtbase_clr0400.dll
C:\WINDOWS\SYSTEM32\VCRUNTIME140_CLR0400.dll
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\218db16dceaef380c6daf35c6a48f313\mscorlib.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\WINDOWS\SYSTEM32\Wldp.dll
.
.
[Total scanned objects]: 313.
.
.
[EOF]


----------------------------------------------------------------------------------------------------------------------------------------------------
https://www.virustotal.com/gui/file/0ee ... /detection
https://www.virustotal.com/gui/file/044 ... /detection
https://www.virustotal.com/gui/file/479 ... /detection

pan Hankey
Visitor
Posts: 55
Registered: 30 Jun 2017 21:18

Re: Windows Update not working and a few other oddities with the PC

#14 Post by pan Hankey »

Now I'm not sure whether I did something wrong. I followed the last piece of advice.

Diallix
Advisor
Posts: 2760
Registered: 27 Apr 2008 10:34

Re: Windows Update not working and a few other oddities with the PC

#15 Post by Diallix »

You did it correctly.

You can post new FRST + ADDITION logs here.

Locked